Are VPN tunnels limited by the number of tunnel interfaces?
If using GRE over IPsec VPN with a Cisco router at the remote location and an SRX 550/650/1400 as aggregation, do we need one tunnel interface per VPN? Suppose each remote site (Cisco router) has a backup and a primary link. So the total tunnel interface support required is:
# of tunnel interfaces = # of remote sites x number of links per site
Referring back to the similar scenario on SSG, there were some tactics which could use a single interface for multiple tunnels. If this is not the case, are we limited by the number of tunnel interfaces on the platform?
Re: Are VPN tunnels limited by the number of tunnel interfaces.
Juniper is flexible. You can use a single interface for multiple tunnels if using route-based, or multiple tunnels if using policy-based. Take a look at hub-and-spoke VPN. Here is Juniper's best practice:
"We recommend that you use route-based VPN when you want to configure VPN between multiple remote sites. Route-based VPN allows for routing between the spokes between multiple remote sites; it is easier to configure, monitor, and troubleshoot. Use policy-based VPN when your topology has a third-party device and requires a separate SAs for each remote subnet"